One must be careful when assessing the security of practical quantum key distribution systems
as real devices do not necessarily comply with the assumed theoretical models. In fact, a complete 
characterization of the devices is required by most security proofs — which is a non-trivial task in 
practice. In this work, we propose a quantum cryptography protocol that only requires partial 
knowledge of the devices. Specifically, the security of the protocol is based on a novel self-testing 
procedure where Alice and Bob perform Bell tests independently of each other. Then, by establishing 
a relation between the local Bell tests and a recent entropic uncertainty relation, we show that the 
protocol is secure against general attacks in the finite key size regime. 



Introduction. Quantum key distribution (QKD) [1] 
is a cryptographic technology which allows two legiti- 
mate users (traditionally called Alice and Bob) to gener- 
ate provably secure cryptographic keys. Its prowess de- 
rives from the fact that Alice and Bob can perform tests 
to detect possible attacks; a feat exclusive to quantum 
cryptography. However, the requirements for such tests 
are rather demanding, i.e., the involved devices must con- 
form to certain theoretical models, which in practice is 
generally hard to achieve. In fact, failure to do so may 
open certain side-channels [2], which an adversary can 
exploit without the risk of being detected. To put it dif- 
ferently, it is essential to have complete knowledge of the 
devices, otherwise most security proofs do not apply. On 
the other hand, complete characterization of devices usu- 
ally necessitates additional parameters — to characterize 
the discrepancies between the devices and the theoretical 
models — and as a result, the secret key rate of a practical 
QKD scheme may depend on several parameters, e.g., see 
Ref [3]. Clearly, this scenario is not encouraging for QKD
systems with finite resources¹: if the number of discrepancies
is large, then the additional parameters required
to characterize the discrepancies, together with their statistical
fluctuations, are likely to penalize the secret key
tistical fluctuations, are likely to penalize the secret key 
rate [4-10]. 

In light of this dilemma, it is useful to consider the 
converse problem: instead of designing devices that con- 
form to the theoretical models, we want to devise security 
proofs that are valid for a very general class of devices 
which nonetheless can be characterized by very few pa- 
rameters. For instance, such a security proof was made 
available by Ref [10] where the devices only need to be 
characterized by the overlap of the measurements [11- 
13]. However, the knowledge of the overlap implies that 
Alice and Bob have complete knowledge of the measure- 
ment devices or they make the assumption that the mea- 
surement devices conform to the theoretical models. 

In this work, we propose a QKD protocol that is based on a novel local self-testing procedure [14]. In
particular, the devices are tested locally, i.e., Alice and Bob perform the Clauser-Horne-Shimony-Holt
(CHSH) test [15], an application of Bell's theorem [16], on their own devices, independent of each other
and the quantum channel. As a result, a complete characterization of the devices is not necessary for
the security of the protocol. Furthermore, the CHSH test is independent of the quantum channel and thus
the channel loss cannot be used to open the detection loophole [17]. Contrary to most QKD protocols,
the protocol adopts the tripartite model of Ref [18-21] where Alice and Bob generate and send quantum
states to Charlie whose task is to perform an entangling measurement (similar to entanglement swapping
[22]) on them. Then, the security assessment of the quantum channel (including Charlie) follows the
channel estimation technique of the BB84 protocol [23], i.e., checking for errors in the bases X and Z.
In addition, we make the following assumptions² on the laboratories of Alice and Bob: A1) access to
trusted local sources of randomness, A2) access to an authenticated, but otherwise insecure classical
channel, A3) no information is allowed to leave the laboratories unless the protocol prescribes it, A4)
access to trusted classical operations, A5) the measurement and source devices do not have internal
memories and A6) the marginal states of Alice and Bob are independent of whether Charlie outputs a pass
or fail.

Under the above assumptions, and by deriving a rela- 
tion between the CHSH test and a recent security proof 
technique (based on an entropic uncertainty relation for 
smooth entropies [13]), the security proof in the finite 
key size regime is obtained. Moreover, our result is intu- 
itively related to the almost tight finite-key analysis [10] 
of the BB84 protocol and it differs only by a term that is 
dependent on the CHSH value. Most importantly, using 
realistic CHSH values, we obtained secret key rates that 
are comparable to the ones of the BB84 protocol. 

Related Work. Device-independent QKD [24-28] 
whose security is based on the monogamy of non-local 



1 Alice and Bob exchange a finite number of systems in the protocol.



2 A full discussion on the assumptions is detailed in the Supple- 
mentary Material. 



[Figure 1: diagram with the labels "Secure boundary", "Alice's lab", "Quantum Exchange" and "Bob's lab"]



FIG. 1. Quantum exchange. Alice and Bob each send a quantum state to Charlie. Then, Charlie is supposed
to make an entangling measurement on the quantum states, and if it is successful he outputs a pass,
otherwise he outputs a fail. In addition, whenever the entangling measurement is successful, Charlie
broadcasts two more bits such that either Alice or Bob can make the correction bit-flip operation
if required.



correlations [29] offers the same advantage, i.e., there is no need to have complete knowledge of the
devices. The main difference between our protocol and device-independent QKD lies in the security
principles, which is reflected in the application of the CHSH test, i.e., we use it to test the devices
locally while device-independent QKD uses it to test both the quantum channel and the devices. Although
our protocol is more intricate than the original version of device-independent QKD, it actually offers
two advantages. First, the local CHSH test can be made loophole-free more readily than the CHSH test
of device-independent QKD. Second, in the limiting case where the CHSH value is maximal, the secret
key rate of our protocol is completely independent of the channel loss.

Basic ideas. We start by defining the network topol- 
ogy of the protocol (motivated by Ref [18-21]): Alice and 
Bob prepare certain quantum states and send them to a 
quantum exchange (see Figure 1) — akin to a telephone 
exchange that connects phone calls. Here, the task of 
the quantum exchange is to establish entanglement be- 
tween Alice and Bob such that they can use it for quan- 
tum cryptography. In the ideal case, Alice and Bob each 
randomly prepare one of the BB84 states and send it to 
Charlie who makes a Bell state measurement; which is 
equivalent to Charlie distributing Bell states and Alice 
and Bob measuring it in the computational and diagonal 
bases [18, 19]. Note that Charlie needs to inform Alice 
and Bob which of the four Bell states he obtained, so that 
one of them flips a bit of their outcome if required. Then, 
it can be easily verified that after the correction bit-flip 
operations, the bit strings of Alice and Bob are perfectly 
correlated. In the event that the Bell state measurement 
is unsuccessful, he outputs a fail, e.g., because of losses 
(for more details, we refer to Ref [18, 19]). Interestingly, 
the idea of using entanglement swapping for quantum 
cryptography can be utilized to rule out all Trojan-horse attacks [30] on the laboratories of Alice
and Bob, which is a highly desirable feature for practical quantum cryptography. Moreover, the security
holds even if Charlie is untrusted. In fact, as recently shown by Ref [20, 21], such protocols can be
extended to more general settings.

FIG. 2. Arrangement of devices. Alice/Bob has three devices, i.e., a source device and two measurement
devices, of which they have minimal knowledge. By arranging the devices according to the self-testing
procedure, Alice/Bob can either perform the CHSH test or generate an output state pic-

Although the above protocols [18-21] have an im- 
portant advantage — avoiding Trojan-horse attacks — over 
traditional protocols, they still require accurate descrip- 
tion of the source devices. For instance, the protocols of 
Ref [18, 19] require that the source devices produce pre- 
cisely the BB84 states. However, as we mentioned earlier, 
such a requirement may entail undesirable demands on 
the resources. In the following, we adopt the self-testing 
procedure of Ref [14] to overcome it, i.e., the functionality
of the source devices does not need to adhere to such
strict requirements.

We briefly discuss the self-testing procedure for Alice, but the same holds for Bob. Alice holds three
devices: a source device that claims to produce bipartite maximally entangled states and two
measurement devices. The first measurement device has two settings {Z, X}³ with binary outputs and the
second measurement device has three settings {U, V, P} where the first two settings produce binary
outputs and the last setting sends the other half of the bipartite state to Charlie. By arranging the
devices according to the configuration of Ref [14] (see Figure 2), Alice has two choices, namely she
can either select P and let one half of the bipartite state be sent to Charlie or use the settings
U, V to perform the CHSH test. We refer to the former as sub-protocol $\Gamma_{\mathrm{QKD}}$ and the
latter as sub-protocol $\Gamma_{\mathrm{CHSH}}$, and the formal descriptions are given in the protocol
definition section.

The basic idea of the CHSH test is made clear with 
the following observations. First, according to the en- 
tropic uncertainty relations [11-13], if the measurements 
corresponding to bases X and Z do not commute, then 
secret key distillation is possible. Second, from Ref [31] 
we know that only non-commuting measurements can 
be used to violate the CHSH test. In fact, the maximum 
violation of the CHSH test requires anti-commuting 



3 We label the measurements Z and X because measurements in 
the computational and diagonal basis are optimal, but these can 
be arbitrary. 
measurements. Putting these observations together, it is
easy to see that the CHSH test is a device-independent 
test of the uncertainty principle and thus can be used 
to prove the security of the protocol. More precisely, we 
bound the overlap of the measurements corresponding 
to bases X and Z with the observed CHSH value, which 
in turn allows us to apply a generalized version of the 
entropic uncertainty relation for smooth entropies [13] 
to the protocol. 

Note: Such a relation has also been obtained indepen- 
dently by Ref [14] but with a different proof method. 

Security definition. It is instructive to briefly recall the criteria for a QKD protocol to be secure.

First, we fix some notations. Let $S_A$ and $S_B$ be the key strings of Alice and Bob, respectively,
and let $E$ be the information which the adversary gathers over the execution of the protocol. Then,
the joint state of $S_A$ and $E$ can be described as a classical-quantum state,
$\rho_{S_A E} = \sum_s |s\rangle\langle s| \otimes \rho_E^s$, where $\{\rho_E^s\}_s$ are states held
by the adversary. We recall that a secure QKD protocol meets two requirements [10], namely correctness
and secrecy. Correctness is achieved if $S_A = S_B$ and secrecy is achieved if
$\rho_{S_A E} = U_{S_A} \otimes \rho_E$, where $U_{S_A}$ is the uniform mixture of all possible values
of the key string. The former means that the key strings of Alice and Bob are identical and the latter
implies that the key string of Alice is uniformly distributed and independent of $E$.

However, in practice, even in the best scenario, a minuscule amount of errors is inevitable. Thus, for
small parameters $\varepsilon_{\mathrm{cor}}$ and $\varepsilon_{\mathrm{sec}}$, we require that the
protocol is $\varepsilon_{\mathrm{cor}}$-correct, i.e., $\Pr[S_A \neq S_B] \le \varepsilon_{\mathrm{cor}}$,
and $\varepsilon_{\mathrm{sec}}$-secret, i.e.,
$\frac{1}{2}\|\rho_{S_A E} - U_{S_A} \otimes \rho_E\|_1 \le \varepsilon_{\mathrm{sec}}$. Furthermore,
such a security definition guarantees that the protocol is universally composable [32], i.e., the
secrecy of $S_A$ w.r.t. $E$ holds even when $S_A$ is used in other cryptographic schemes.

Protocol definition. The protocol is characterized by a set of field specifications
$\Phi[\ell, m_x, m_z, j, S_{\mathrm{tol}}, Q_{\mathrm{tol}}, \mathrm{leak}_{\mathrm{EC}}, \varepsilon_{\mathrm{cor}}]$
which is parameterized by the secret key length $\ell$, the classical post-processing block size
$m_x$, error rate estimation sample size $m_z$, CHSH test sample size $j$, tolerated CHSH value
$S_{\mathrm{tol}}$, tolerated channel error rate $Q_{\mathrm{tol}}$, error correction leakage
$\mathrm{leak}_{\mathrm{EC}}$ and the required correctness $\varepsilon_{\mathrm{cor}}$.

1. State preparation and distribution. — Alice selects a sub-protocol
$h_i \in \{\Gamma_{\mathrm{QKD}}, \Gamma_{\mathrm{CHSH}}\}$ where $\Gamma_{\mathrm{QKD}}$ is selected
with probability $1 - p_s$ and $\Gamma_{\mathrm{CHSH}}$ with probability $p_s$. In the following, we
describe sub-protocols $\Gamma_{\mathrm{QKD}}$ and $\Gamma_{\mathrm{CHSH}}$ formally for each $i$th run.

• $\Gamma_{\mathrm{QKD}}$: Alice selects a measurement setting $a_i \in \{X, Z\}$ with probabilities
$p_x$ and $1 - p_x$, respectively, measures one half of the bipartite state with it and stores the
measurement output in $y_i$. The other half of the bipartite system is sent to Charlie.

• $\Gamma_{\mathrm{CHSH}}$: Alice measures both halves of the bipartite state: she chooses two bit
values $u_i, v_i$ uniformly at random, where $u_i$ sets the measurement on the first half to X or Z
and $v_i$ sets the measurement on the second half to U or V. The outputs of each measurement are
recorded in $s_i$ and $t_i$, respectively.

Similarly, Bob records his choice of sub-protocol in $h'_i$ and his measurement settings and outputs
for sub-protocols $\Gamma_{\mathrm{QKD}}$ and $\Gamma_{\mathrm{CHSH}}$ in $b_i, y'_i$ and
$u'_i, v'_i, s'_i, t'_i$, respectively.

2. Quantum exchange. — Charlie makes an entangling measurement on the quantum states sent by Alice and
Bob, and if it is successful, he broadcasts $f_i = \text{pass}$, otherwise he broadcasts
$f_i = \text{fail}$. Furthermore, if $f_i = \text{pass}$, then Charlie communicates
$g_i \in \{0, 1\}^2$ to Alice and Bob. Then either Alice or Bob flips a bit of their corresponding
measurement outcome if required.

3. Sifting. — Alice and Bob announce their sub-protocol and basis choices
$\{h_i\}_i, \{h'_i\}_i, \{a_i\}_i, \{b_i\}_i$ over an authenticated classical channel and identify
four sets,

• Key generation, $\mathcal{X} := \{i : (h_i = h'_i = \Gamma_{\mathrm{QKD}}) \wedge (a_i = b_i = X) \wedge (f_i = \text{pass})\}$

• Channel error rate estimation, $\mathcal{Z} := \{i : (h_i = h'_i = \Gamma_{\mathrm{QKD}}) \wedge (a_i = b_i = Z) \wedge (f_i = \text{pass})\}$

• Alice and Bob CHSH test sets, $\mathcal{J} := \{i : h_i = \Gamma_{\mathrm{CHSH}}\}$ and
$\mathcal{J}' := \{i : h'_i = \Gamma_{\mathrm{CHSH}}\}$, respectively.

The protocol repeats steps (1)-(3) as long as $|\mathcal{X}| < m_x$ or $|\mathcal{Z}| < m_z$ or
$|\mathcal{J}| < j$ or $|\mathcal{J}'| < j$, where $m_x, m_z, j \in \mathbb{N}$.
We refer to these conditions as the sifting condition.

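4. Parameter estimation. — To compute the average CHSH value from $\mathcal{J}$, Alice uses the
following formula, $S_{\mathrm{test}} := 8 \sum_{i \in \mathcal{J}} f(u_i, v_i | s_i, t_i)/|\mathcal{J}| - 4$,
where $f(u_i, v_i | s_i, t_i) = 1$ if $s_i \oplus t_i = u_i \wedge v_i$, otherwise
$f(u_i, v_i | s_i, t_i) = 0$. Similarly, Bob uses the same formula and arrives at $S'_{\mathrm{test}}$.
Next, both Alice and Bob publicly announce the corresponding bit strings
$\{y_i\}_{i \in \mathcal{Z}}, \{y'_i\}_{i \in \mathcal{Z}}$ and compute the average error rate
$Q_{\mathrm{test}} := \sum_{i \in \mathcal{Z}} y_i \oplus y'_i / |\mathcal{Z}|$. If
$\max\{S_{\mathrm{test}}, S'_{\mathrm{test}}\} < S_{\mathrm{tol}}$ or $Q_{\mathrm{tol}} < Q_{\mathrm{test}}$,
they abort the protocol.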

5. One-way classical post-processing. — Alice and Bob choose a random subset of size $m_x$ of
$\mathcal{X}$ for classical post-processing, and we let $\mathsf{X}$ and $\mathsf{X}'$ be random
variables that take the values from the corresponding strings $\{y_i\}_i$ and $\{y'_i\}_i$. Then, an
information reconciliation scheme is applied, revealing at most
$(\mathrm{leak}_{\mathrm{EC}} + \lceil \log(1/\varepsilon_{\mathrm{cor}}) \rceil)$ bits of information.
More specifically, an error correction scheme which leaks at most $\mathrm{leak}_{\mathrm{EC}}$ bits of
information is applied, then an error verification scheme which leaks
$\lceil \log(1/\varepsilon_{\mathrm{cor}}) \rceil$ bits of information is applied. If the error
verification fails, they abort the protocol. Finally, Alice and Bob apply privacy amplification to
their bit strings to obtain a secret key of length $\ell$.

Security analysis and discussions. In this section, we state our main result and discuss its
feasibility. The correctness of the protocol is determined by the error verification scheme which is
parameterized by the required correctness $\varepsilon_{\mathrm{cor}}$. Then for field specifications
$\Phi[\ell, m_x, m_z, j, S_{\mathrm{tol}}, Q_{\mathrm{tol}}, \mathrm{leak}_{\mathrm{EC}}, \varepsilon_{\mathrm{cor}}]$,
$\varepsilon > 0$ and $\varepsilon_{\mathrm{sec}} = 6\varepsilon$, the protocol is
$\varepsilon_{\mathrm{sec}}$-secret if



l < m x 1 - log 1 + -^J8 - 5 t 2 ol + C - h(Q tol ) - leak EC - log log -, (1) 



where $h$ denotes the binary entropy function, log denotes logarithm base 2,
$\hat{S}_{\mathrm{tol}} := S_{\mathrm{tol}} - \xi$, and $\hat{Q}_{\mathrm{tol}} := Q_{\mathrm{tol}} + \mu$ with
the statistical fluctuations given by



32 ln l ; c 2K^| i l) ln l = (m x + m z )(rn z + l) ln ^ 
j e y m x j e y m x mj, e 
FIG. 3. Secret key rate as a function of classical post-processing block size. For a fixed channel
error rate of $Q_{\mathrm{tol}} = 1.5\%$, we plot the secret key rate for
$S_{\mathrm{tol}} \in \{2.825, 2.800, 2.775, 2.750\}$ from left to right. The security bound
$\varepsilon_{\mathrm{sec}}$ and required correctness are fixed to $10^{-9}$ and $10^{-12}$, respectively.



The secret key rate is defined as $\ell/N$, where $N$ is the number of bipartite states which Alice
generates for the protocol. The proof for a slightly more general result is provided in the
Supplementary Material.

Prior to the discussion, it is important to briefly men- 
tion the problem of local losses (low efficient detectors, 
coupling losses, etc), namely the detection loophole. To 
simplify the discussion, we consider the case whereby low 
efficient detectors are used and the rest of the local losses 
are negligible. Then, to overcome the detection loophole, 
we can either trust the efficiency of the detectors or de- 
mand that the overall detection efficiency is sufficiently 



FIG. 4. The secure region in the asymptotic limit as a function of CHSH value and channel error rate.
The maximum critical channel error rate is 11% which is the same as the BB84 protocol.



high⁴. For simplicity, we take Alice's and Bob's detectors
to have perfect efficiency for our calculations, i.e.,
the measurement outcomes are restricted to binary outcomes.

First, we investigate the performance of the protocol with respect to the classical post-processing
block size $m_x$. To proceed, the quantum channel is represented by a depolarizing channel
parameterized by $Q_{\mathrm{tol}}$. Next, we fix the security bound $\varepsilon$ and optimize the
secret key rate over all field parameters $\Phi$ that are $\varepsilon$-secure and have block size
$m_x$. For the optimization, we set
$\mathrm{leak}_{\mathrm{EC}} := m_x f_{\mathrm{EC}} h(Q_{\mathrm{tol}})$ with $f_{\mathrm{EC}} = 1.1$
where $f_{\mathrm{EC}}$ is the error correction efficiency (in the Shannon limit, it


4 Note that detectors with an efficiency of 95% with negligible
noise [33] were already reported.
approaches 1). In Figure 3, we observe that reasonably good secret key rates can be achieved in the
regime of $m_x = 10^5$ bits, a factor of 10 larger than the finite key results [10] of BB84 protocol.
Note that there were already QKD field tests [34] which worked on classical post-processing block size
in the order of $10^6$ bits and demonstrations [35] of CHSH tests that achieve violations from
about 2.73 to 2.81.

In the asymptotic limit, that is, $N \to \infty$, and given there is no channel loss, i.e., Charlie
always outputs a pass, it is easy to verify that $m_x/N \to 1$ and the secret key rate reaches

$$1 - \log\left(1 + \frac{S_{\mathrm{tol}}}{4}\sqrt{8 - S_{\mathrm{tol}}^2}\right) - 2h(Q_{\mathrm{tol}}). \qquad (3)$$

Here, one can immediately see the roles of the sub-protocols $\Gamma_{\mathrm{CHSH}}$ and
$\Gamma_{\mathrm{QKD}}$: the local CHSH tests estimate the quality of the devices and the bit error
rate estimates the quality of the quantum channel. In the case of
$S_{\mathrm{tol}} = S_{\mathrm{test}} = 2\sqrt{2}$, we recover the asymptotic secret key rate [36] of
the BB84 protocol.
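
The parameter-estimation step and Eq. (3), as an added Python example that is not part of the paper: it computes the CHSH value and error rate from constructed records, applies the abort rule of step 4, and evaluates the asymptotic rate together with the overlap bound stated as Lemma 5 in the Supplementary Material. The record layout (u, v, s, t), all function names and the sample data are assumptions made for illustration.

```python
"""Step-4 estimators, the Lemma 5 overlap bound and the asymptotic rate of Eq. (3).

Added illustration: record layout, function names and sample data are assumptions.
"""
import math

TSIRELSON = 2 * math.sqrt(2)  # maximal quantum CHSH value


def make_records(n, wins):
    """Constructed data: n CHSH rounds (u, v, s, t), of which the first `wins` win."""
    records = []
    for i in range(n):
        u, v = (i >> 1) & 1, i & 1  # cycle through the four setting pairs
        t = (u & v) if i < wins else 1 - (u & v)
        records.append((u, v, 0, t))
    return records


def chsh_value(records):
    """S_test = 8 * sum_i f(u_i, v_i | s_i, t_i) / |J| - 4, f = 1 iff s XOR t = u AND v."""
    if not records:
        raise ValueError("empty CHSH test set")
    wins = sum(1 for u, v, s, t in records if (s ^ t) == (u & v))
    return 8 * wins / len(records) - 4


def error_rate(y, y_prime):
    """Q_test = sum_i (y_i XOR y'_i) / |Z| over the announced Z-basis bits."""
    if not y or len(y) != len(y_prime):
        raise ValueError("bit strings must be non-empty and of equal length")
    return sum(a ^ b for a, b in zip(y, y_prime)) / len(y)


def overlap_bound(S):
    """Lemma 5: c* <= 1/2 + (S/8) sqrt(8 - S^2), meaningful for 2 < S <= 2 sqrt(2)."""
    if S <= 2:  # no CHSH violation: only the trivial bound c* <= 1 remains
        return 1.0
    if S >= TSIRELSON:  # a finite-sample estimate can overshoot 2 sqrt(2)
        return 0.5
    return 0.5 + (S / 8) * math.sqrt(max(0.0, 8 - S * S))


def binary_entropy(q):
    """h(q) in bits, with h(0) = h(1) = 0."""
    if q <= 0 or q >= 1:
        return 0.0
    return -q * math.log2(q) - (1 - q) * math.log2(1 - q)


def asymptotic_rate(S_tol, Q_tol):
    """Eq. (3); uses 1 + (S/4) sqrt(8 - S^2) = 2 * overlap_bound(S)."""
    return 1 - math.log2(2 * overlap_bound(S_tol)) - 2 * binary_entropy(Q_tol)


def critical_error_rate(S_tol, tol=1e-9):
    """Largest Q_tol in [0, 1/2] with positive asymptotic rate (bisection)."""
    if asymptotic_rate(S_tol, 0.0) <= 0:
        return 0.0
    lo, hi = 0.0, 0.5
    while hi - lo > tol:
        mid = (lo + hi) / 2
        if asymptotic_rate(S_tol, mid) > 0:
            lo = mid
        else:
            hi = mid
    return lo


def parameter_estimation(alice_chsh, bob_chsh, y, y_prime, S_tol, Q_tol):
    """Apply the abort rule as written in step 4 of the protocol."""
    S_a, S_b = chsh_value(alice_chsh), chsh_value(bob_chsh)
    Q_test = error_rate(y, y_prime)
    abort = max(S_a, S_b) < S_tol or Q_tol < Q_test
    return {"S_test": S_a, "S_test_bob": S_b, "Q_test": Q_test, "abort": abort}


if __name__ == "__main__":
    # Constructed run: 851 wins in 1000 CHSH rounds per lab, 12 errors in 1000 Z bits.
    y, y_prime = [0] * 1000, [1] * 12 + [0] * 988
    print(parameter_estimation(make_records(1000, 851), make_records(1000, 851),
                               y, y_prime, S_tol=2.8, Q_tol=0.015))
    for S in (2.825, 2.800, 2.775, 2.750):  # tolerated CHSH values used in Fig. 3
        print(S, round(asymptotic_rate(S, 0.015), 4), round(critical_error_rate(S), 4))
```

For a tolerated CHSH value of 2√2 the bisection returns a critical error rate of about 11%, the figure quoted in the caption of Fig. 4.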



Conclusion. In this work, we propose a QKD 
protocol based on local CHSH tests where the precise 
specification of the devices is not necessary. Then, 
by deriving a relation between the CHSH test and a 
generalized version of the entropic uncertainty relation, 
a security proof which is valid in the finite-key region 
is obtained. Most importantly, with realistic field 
parameters, the secret key rates are comparable to the 
ones of the BB84 protocol. Furthermore, the local CHSH 
tests can be readily made loophole-free as compared to 
device-independent QKD.
SUPPLEMENTARY MATERIAL

In the following, we provide the security proof for the protocol described in the main text. First, we define the 
assumptions required for the proof and then introduce the necessary technical lemmas. Second, we prove a relation 
between the CHSH test and a generalized version of smooth entropic uncertainty relation (Lemma 5). Third, we 
provide the required statistical statements for estimating certain quantities of the raw key. Finally, we state our main 
result (Theorem 1) which is slightly more general than the result given in (1). 



1. Notations 

We assume that all Hilbert spaces, denoted by $\mathcal{H}$, are finite-dimensional. For composite systems, we define the
tensor product of $\mathcal{H}_A$ and $\mathcal{H}_B$ as $\mathcal{H}_{AB} := \mathcal{H}_A \otimes \mathcal{H}_B$. We denote $\mathcal{P}(\mathcal{H})$ as the set of positive semi-definite operators on
$\mathcal{H}$ and $\mathcal{S}(\mathcal{H})$ as the set of normalized states on $\mathcal{H}$, i.e., $\mathcal{S}(\mathcal{H}) = \{\rho \in \mathcal{P}(\mathcal{H}) : \mathrm{tr}(\rho) = 1\}$. Furthermore, for a composite
state $\rho_{AB} \in \mathcal{S}(\mathcal{H}_{AB})$, the reduced states of system A and system B are given by $\rho_A = \mathrm{tr}_B(\rho_{AB})$ and $\rho_B = \mathrm{tr}_A(\rho_{AB})$,
respectively. A positive operator valued measure (POVM) is denoted by $\mathbb{M} := \{M_x\}_x$ where $\sum_x M_x = \mathbb{1}$. For any
POVM, we may view it as a projective measurement by introducing an ancillary system, thus for any POVM with
binary outcomes, we may write it as an observable $O = \sum_{x \in \{0,1\}} (-1)^x M_x$, such that $\sum_{x \in \{0,1\}} M_x = \mathbb{1}$. We also use
$\mathbf{x} := (x_1, x_2, \ldots, x_n)$ to represent the concatenations of elements and $[n]$ to denote $\{1, 2, \ldots, n\}$.



2. Assumptions required for the security proof 

Prior to stating the security proof, it is instructive to elucidate the assumptions which are necessary for the security 
proof. In particular, we define the minimal amount of knowledge and resources that are required for the security 
proof. The assumptions are detailed in the following: 

A1 Trusted local sources of randomness. Alice (also Bob) has access to a trusted source that produces a
random and secure bit value upon each use. Furthermore, we assume the source is unlimited, that is, Alice can 
use it as much as she wants, however the protocol only requires an amount of randomness linear in the number 
of quantum states generated. 






A2 An authenticated but otherwise insecure classical channel. Generally, this assumption is satisfied if
Alice and Bob share an initial short secret key [37, 38]. Note that the security analysis of such authentication
schemes was recently extended to the universally composable framework by Ref [39], which allows one to
compose the error of the authentication scheme with the errors of the protocol, giving an overall error on the
security.

A3 No information is allowed to leave the laboratories unless the protocol prescribes it. This assumption 
is paramount to any cryptographic protocol, and roughly speaking, it states that information generated by the 
legitimate users is appropriately controlled. More concretely, we assume the following:

(a) Communication lines. — The only two communication lines leaving the laboratory are the classical and the 
quantum channel. Furthermore, the classical channel is controlled, i.e., only the information required by 
the protocol is sent. 

(b) Communication between devices. — There should be no unauthorized communication between any devices 
in the laboratory, in particular from the measurement devices to the source device. 

A4 Trusted classical operations. Classical operations like authentication, error correction, error verification, 
privacy amplification, etc must be trusted, i.e., we know that the operations have ideal functionality and are 
independent of the adversary. 

A5 *Measurement and source devices have no internal memories. This implies each use of the device is
independent of the previous uses. For example, for N uses of a source device and a measurement that produces
a bit string $\mathbf{x} := (x_1, x_2, \ldots, x_n)$, we have

$$\rho^N = \bigotimes_{i=1}^{N} \rho^i, \qquad M_{\mathbf{x}} = \bigotimes_i M^i_{x_i},$$

where $M_{\mathbf{x}}$ is the POVM element corresponding to the outcome $\mathbf{x}$.

A6 *The marginal states of Alice and Bob are independent of whether Charlie outputs a pass or fail. 

Mathematically, assumption A6 corresponds to the following: let $\rho_{AC}$ be the bipartite state generated by Alice
and let $\rho_A = \mathrm{Tr}_C(\rho_{AC})$ be the marginal state of Alice, then assumption A6 is satisfied by the identity

$$\rho_{A|\mathrm{pass}} = \rho_{A|\mathrm{fail}}$$

where $\rho_{A|\mathrm{pass}}$ and $\rho_{A|\mathrm{fail}}$ are the marginal states of Alice conditioned on Charlie outputting pass and fail,
respectively.

In general, assumptions A1, A2, A3 and A4 are necessary for all cryptography protocols, be it quantum or
classical. However, to prove the security of the protocol, we require additional assumptions A5 and A6 (denoted by the
superscript * in the list). The former is required to simplify the problem at hand, that is, by restricting our analysis
to devices that have no internal memories, the statistical analysis required for the security proof can be restricted to
independent systems. The latter is required to prevent the adversary from establishing correlations with Alice's
measurement and source devices. In particular, it is to prevent the adversary from post-selecting measurement outcomes
(or the raw key⁵) that are favorable to her. For example, Charlie (in the worst case, an accomplice of the adversary)
can choose to output pass if only insecure states are produced by the source of Alice (also Bob), otherwise he outputs
fail. This predicament appears to be unavoidable when one considers a general source device — where the physics is
unknown — for quantum cryptography, i.e., the systems which leave the laboratory might carry valuable information
for the adversary, e.g., such devices can be motivated to leak out crucial past information [40]. Although we do not
consider completely general devices (or devices with adversarial motives), some form of guarantee on the observed
statistics is still required. That is to say, we either compute the amount of information the adversary has on the raw
key in the worst case scenario (see section 7) or adopt an ad-hoc assumption⁶ like assumption A6 which prevents
Charlie from establishing correlations with Alice's and Bob's measurement and source devices. For simplicity reasons,
we adopt assumption A6.



5 The raw key is defined as the measurement outcomes used to obtain the secret key.

6 In fact, introducing ad-hoc assumptions is not new, e.g., Ref [41] made the assumption that the
dimension of the source device is fixed.
3. Technical lemmas



Lemma 1 (Jordan's lemma [25, 42, 43]). Let $O$ and $O'$ be observables with eigenvalues ±1 on Hilbert space $\mathcal{H}$. Then
there exists a partition of the Hilbert space, $\mathcal{H} = \bigoplus_i \mathcal{H}_i$, such that

$$O = \bigoplus_i O_i \quad \text{and} \quad O' = \bigoplus_i O'_i,$$

where $\mathcal{H}_i$ satisfies $\dim(\mathcal{H}_i) \le 2$ for all $i$.

Lemma 2 (Chernoff-Hoeffding [44]). Let $\bar{X} := \frac{1}{n}\sum_{i=1}^{n} X_i$ be the average of $n$ independent random variables
$X_1, X_2, \ldots, X_n$ with values in [0,1], and let $\mu := \mathbb{E}[\bar{X}] = \frac{1}{n}\sum_i \mathbb{E}[X_i]$ denote the expected value of $\bar{X}$. Then, for
any $\delta > 0$,

$$\Pr[\bar{X} - \mu \ge \delta] \le \exp(-2\delta^2 n).$$

Lemma 3 (Serfling [45]). Let $\{x_1, \ldots, x_n\}$ be a list of (not necessarily distinct) values in $[a,b]$ with average
$\mu := \frac{1}{n}\sum_i x_i$. Let the random variables $X_1, X_2, \ldots, X_t$ be obtained by sampling $t$ random entries from this list without
replacement. Then, for any $\delta > 0$, the random variable $\bar{X} := \frac{1}{t}\sum_i X_i$ satisfies

$$\Pr[\bar{X} - \mu \ge \delta] \le \exp\left(\frac{-2\delta^2 t n}{(n - t + 1)(b - a)}\right).$$



Lemma 4 (Generalized UCR for commuting measurements [13]). Let e > 0, e > and p £ S<(Habc) ■ Moreover let 
M = {Ma;}, IN = {N z } be POVMs on Ha, and K = {Pk} a projective measurement on Ha that commutes with both 
M and IN. Then the post-measurement states 

PXB = ^2 \ X )^ X \ ® tr Ac{\/M^PABC\/M^), PZC = ^2 ® ir AB{^/N~zPABcVN~z), 

X z 

satisfy 



H 2 n ^(X\B) p + H^(Z\C) p > log - log 3, (SI) 



c*(p A ,M,m) og e 

where the effective overlap is defined as 



c*(p 



1 " 



IN) := irnnj^trCP^maxllPfc^jV.M^Iuj (S2) 



Note that (S1) is a statement about the entropies of the post-measurement states $\rho_{XB}$ and $\rho_{ZC}$, thus it also holds for
any measurements that lead to the same post-measurement states. Accordingly, one may also consider the projective
purifications $\mathbb{M}'$ and $\mathbb{N}'$ of $\mathbb{M}$ and $\mathbb{N}$, applied to $\rho_A \otimes |\phi\rangle\langle\phi|$ where $|\phi\rangle$ is a pure state of an ancilla system. Since
both measurement setups $\{\rho, \mathbb{M}, \mathbb{N}\}$ and $\{\rho_A \otimes |\phi\rangle\langle\phi|, \mathbb{M}', \mathbb{N}'\}$ give the same post-measurement states, the R.H.S of
(S1) holds for both $c^*(\rho_A, \mathbb{M}, \mathbb{N})$ and $c^*(\rho_A \otimes |\phi\rangle\langle\phi|, \mathbb{M}', \mathbb{N}')$. We can thus restrict our considerations to projective
measurements.

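In the protocol considered, Alice performs independent binary measurements — $\mathbb{M}_i = \{M^i_x\}_{x \in \{0,1\}}$ and
$\mathbb{N}_i = \{N^i_z\}_{z \in \{0,1\}}$ — on each subsystem $i$. We can reduce (S2) to operations on each subsystem, if we choose $\mathbb{K} = \{P_{\mathbf{k}}\}$
to also be in product form, i.e., $P_{\mathbf{k}} = \bigotimes_i P^i_{k_i}$, where $\mathbf{k}$ is a string of (not necessarily binary) letters $k_i \in K_i$. Then
plugging this, $M_{\mathbf{x}} = \bigotimes_i M^i_{x_i}$ and $N_{\mathbf{z}} = \bigotimes_i N^i_{z_i}$ in the norm from (S2), we get

$$\Big\| P_{\mathbf{k}} \sum_{\mathbf{z}} N_{\mathbf{z}} M_{\mathbf{x}} N_{\mathbf{z}} \Big\|_\infty = \Big\| \sum_{z_1, z_2, \ldots} \bigotimes_i P^i_{k_i} N^i_{z_i} M^i_{x_i} N^i_{z_i} \Big\|_\infty = \prod_i \Big\| P^i_{k_i} \sum_{z_i} N^i_{z_i} M^i_{x_i} N^i_{z_i} \Big\|_\infty.$$

Putting this in (S2) with $\rho = \bigotimes_i \rho^i$, $p^i_k := \mathrm{tr}(P^i_k \rho^i)$, and dropping the subscript $i$ when possible, we obtain,

$$c^*(\rho_A, \mathbb{M}, \mathbb{N}) \le \sum_{k_1, k_2, \ldots} \prod_i p^i_k \max_x \Big\| P^i_k \sum_z N^i_z M^i_x N^i_z \Big\|_\infty.$$

In the following we will refer to

$$c^i_k := \max_x \Big\| P^i_k \sum_z N^i_z M^i_x N^i_z \Big\|_\infty \qquad (S4)$$

as the overlap of the measurements $\{M^i_x\}_x$ and $\{N^i_z\}_z$.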

4. An upper bound on the effective overlap with the CHSH value 

In this subsection, we first introduce the notion of CHSH operator [46] and then prove the relation between the 
CHSH test and the effective overlap (S4). 

In the CHSH test, two space-like separated systems share a bipartite state $\rho$ and each system has two
measurements. More specifically, system $A$ has POVMs $\{M^0_0, M^0_1\}$ and $\{M^1_0, M^1_1\}$ and system $T$ has POVMs $\{T^0_0, T^0_1\}$ and
$\{T^1_0, T^1_1\}$. Since for any POVM there is a (unitary and) projective measurement on a larger Hilbert space that has
the same statistics, we can restrict our considerations to projective measurements. Then, we may write the POVMs
as observables with ±1 outcomes, i.e., at the site of the first system, the two observables are $O^0_A := \sum_{s=0}^{1} (-1)^s M^0_s$
and $O^1_A := \sum_{s=0}^{1} (-1)^s M^1_s$. Furthermore, the measurements are chosen uniformly at random. As such, the CHSH
value is given by $S(\rho, \beta) := \mathrm{Tr}(\rho\beta)$ where the CHSH operator is defined as

$$\beta(O^0_A, O^1_A, O^0_T, O^1_T) := \sum_{u,v} (-1)^{u \wedge v}\, O^u_A \otimes O^v_T \qquad (S5)$$

where $u, v$ and $s, t$ are the inputs and outputs, respectively. The maximization of $S(\rho, \beta)$ over the set of density
operators for a fixed $\beta$ is defined by $S_{\max}(\beta)$. Moreover, the CHSH operator can be decomposed into a direct sum of
two-qubit subspaces via Lemma 1. Mathematically, we may write $O^0_A = \sum_k P_k O^0_A P_k$ and $O^1_A = \sum_k P_k O^1_A P_k$ where
$\{P_k\}_k$ is a set of projectors such that $\dim(P_k) = 2\ \forall k$. Note that in Lemma 1, one may select a partition of the
Hilbert space such that each block partition has dimension two. This allows one to decompose the general CHSH
operator into direct sums of qubit CHSH operators. Likewise, for the measurements of Bob, $O^0_B = \sum_r Q_r O^0_B Q_r$ and
$O^1_B = \sum_r Q_r O^1_B Q_r$. For all $k$, $P_k O^0_A P_k$ and $P_k O^1_A P_k$ can be written in terms of Pauli operators,

$$P_k O^0_A P_k = \vec{m}_k \cdot \vec{\Gamma}_k \quad \text{and} \quad P_k O^1_A P_k = \vec{n}_k \cdot \vec{\Gamma}_k, \qquad (S6)$$

where $\vec{m}_k$ and $\vec{n}_k$ are unit vectors in $\mathbb{R}^3$ and $\vec{\Gamma}_k$ is the Pauli vector. Combining (S5) and (S6) yields

$$\beta = \bigoplus_{k,r} \beta_{k,r} \quad \text{where} \quad \beta_{k,r} \in \mathbb{C}^2_k \otimes \mathbb{C}^2_r \qquad (S7)$$

and it can be verified that

$$S(\rho, \beta) = \sum_{k,r} \lambda_{k,r} S_{k,r} \qquad (S8)$$

where

$$\lambda_{k,r} := \mathrm{Tr}(P_k \otimes Q_r\, \rho) \qquad (S9)$$
$$S_{k,r} := \mathrm{Tr}(\rho_{k,r} \beta_{k,r}) \qquad (S10)$$

Whenever the context is clear, we write $S = S(\rho, \beta)$ and $S_{\max} = S_{\max}(\beta)$.

In the following analysis, we consider only one subsystem, the superscript $i$ is omitted, i.e., we use $c^* = \sum_k p_k c_k$
instead.

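Lemma 5. Let $\{O_A^x\}_{x\in\{0,1\}}$ and $\{O_T^y\}_{y\in\{0,1\}}$ be observables with eigenvalues ±1 on $\mathcal{H}_A$ and $\mathcal{H}_T$ respectively and let
$\beta = \sum_{x,y} (-1)^{x\wedge y}\, O_A^x \otimes O_T^y$ be the CHSH operator. Then for any $\rho \in \mathcal{S}(\mathcal{H}_{AT})$ the effective overlap $c^*$ is related to the
CHSH value $S = \mathrm{Tr}(\rho\beta)$ by

$c^* \le \frac{1}{2} + \frac{S}{8}\sqrt{8 - S^2}$. (S11)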
Proof. Using (S6), let the relative angle between $\vec{m}_k$ and $\vec{n}_k$ be $\theta_k \in [0,\pi/2]$ for all $k$, i.e., $\vec{m}_k \cdot \vec{n}_k = \cos(\theta_k)$.
Furthermore, we can express $\vec{m}_k \cdot \Gamma_k$ and $\vec{n}_k \cdot \Gamma_k$ in terms of rank-1 projectors. Formally, we have $\vec{m}_k \cdot \Gamma_k =
|\vec{m}_k\rangle\langle\vec{m}_k| - |{-\vec{m}_k}\rangle\langle{-\vec{m}_k}|$ and similarly for $\vec{n}_k \cdot \Gamma_k$. Plugging these into (S4),

$\max_{i,j\in\{0,1\}} |\langle (-1)^i \vec{m}_k | (-1)^j \vec{n}_k \rangle|^2 = \frac{1 + \cos\theta_k}{2}$ (S12)

Next, we want to relate $c_k$ to the CHSH value. Using the result of Seevinck and Uffink [31], for all $r$, (S10) satisfies

$S_{k,r} \le 2\sqrt{1 + \sin(\theta_k)\sin(\theta_r)}$ (S13)

where $\sin(\theta_k)$ and $\sin(\theta_r)$ quantify the commutativity of Alice's $k$th and system T's $r$th measurements, respectively.
From (S12) and (S13) we obtain for all $r$,

$c_k \le \frac{1}{2} + \frac{S_{k,r}}{8}\sqrt{8 - S_{k,r}^2}$

where we use the fact that the right hand side is a monotonic decreasing function. Finally, we get

$c^* = \sum_k p_k c_k = \sum_{k,r} \lambda_{k,r} c_k \le \frac{1}{2} + \frac{S}{8}\sqrt{8 - S^2}$,

and the inequality is given by Jensen's inequality and (S8).

□ 
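
The step from (S12) and (S13) to the bound on $c_k$, written out as an added derivation that is not part of the original text. It assumes $2 \le S_{k,r} \le 2\sqrt{2}$, the range on which the right-hand side is decreasing, and uses $\sin\theta_r \le 1$ and $\theta_k \in [0,\pi/2]$:

$$S_{k,r} \le 2\sqrt{1 + \sin\theta_k \sin\theta_r} \le 2\sqrt{1 + \sin\theta_k} \;\Longrightarrow\; \sin\theta_k \ge \frac{S_{k,r}^2}{4} - 1 \ge 0,$$

$$\cos\theta_k = \sqrt{1 - \sin^2\theta_k} \le \sqrt{1 - \left(\frac{S_{k,r}^2}{4} - 1\right)^2} = \sqrt{\frac{S_{k,r}^2}{16}\left(8 - S_{k,r}^2\right)} = \frac{S_{k,r}}{4}\sqrt{8 - S_{k,r}^2},$$

$$c_k = \frac{1 + \cos\theta_k}{2} \le \frac{1}{2} + \frac{S_{k,r}}{8}\sqrt{8 - S_{k,r}^2}.$$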



5. Statistics 



We recall that in the protocol definition, after the sifting step, Alice and Bob have sets $\mathcal{X}$, $\mathcal{Z}$, $\mathcal{J}$, $\mathcal{J}'$ which correspond to
key generation, channel error estimation, Alice's CHSH test and Bob's CHSH test. We need to estimate the average
overlap of set $\mathcal{X}$ given the observed CHSH value evaluated on sets $\mathcal{J}$ and $\mathcal{J}'$. To do that, we need the following
two statistical statements: the first statement (Lemma 6) gives a bound on the probability that the observed CHSH
value is larger than the expected CHSH value and the second statement (Lemma 7) gives a bound on the probability
that the average of the values $c^{*,i}$ for $i \in \mathcal{X}$ (used to generate the key) is larger than the average of the values $c^{*,i}$ for
$i \in \mathcal{J}$ (used for the CHSH test).



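Lemma 6. Let $S_{\mathcal{J}}$ be the average CHSH value on $j$ independent systems, and $S_{\text{test}}$ the observed CHSH value on these
systems. Then

$\Pr\left[ S_{\text{test}} - S_{\mathcal{J}} > \sqrt{\frac{32}{j}\ln\frac{1}{\varepsilon}} \right] \le \varepsilon.$

Proof. We define the random variable

$Y_i := 1$ if $s_i \oplus t_i = u_i \wedge v_i$, and $Y_i := 0$ otherwise,

where $u_i, v_i, s_i, t_i$ are the inputs and outputs, respectively, of the measurements on system $i$, and $Y_{\mathcal{J}} := \frac{1}{j}\sum_{i\in\mathcal{J}} Y_i$.

It is easy to see that $S_i = 8\,\mathbb{E}[Y_i] - 4$, $S_{\mathcal{J}} = 8\,\mathbb{E}[Y_{\mathcal{J}}] - 4$ and $S_{\text{test}} = 8\,Y_{\mathcal{J}} - 4$. The proof is then immediate from Lemma
2. □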

In the main text, we made the assumption A6 that the marginal states of Alice and Bob are independent of Charlie's
measurement outcome. This implies that Charlie's measurement does not distinguish between setups with small and
large $c^{*,i}$. As a consequence, the average $c^*$ value on $\mathcal{X}$ can be estimated with the average $c^*$ value on $\mathcal{J}$.

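Lemma 7. Let $c^*_{\mathcal{X}} := \frac{1}{m_x}\sum_{i\in\mathcal{X}} c^{*,i}$ be the average $c^*$ value on the set $\mathcal{X}$ used to generate the secret key, and
$c^*_{\mathcal{J}} := \frac{1}{j}\sum_{i\in\mathcal{J}} c^{*,i}$ be the average $c^*$ value on the set $\mathcal{J}$ selected for the CHSH test. Then

$\Pr\left[ c^*_{\mathcal{X}} - c^*_{\mathcal{J}} > \sqrt{\frac{(m_x + j)(j + 1)}{2 m_x j^2}\ln\frac{1}{\varepsilon}} \right] \le \varepsilon.$

Proof. Let $\mu := \frac{1}{m_x + j}\sum_{i\in\mathcal{X}\cup\mathcal{J}} c^{*,i}$. Since the adversary cannot distinguish between systems with small and large $c^{*,i}$,
$\mathcal{J}$ can be seen as a random subset of $\mathcal{X}\cup\mathcal{J}$. Hence we can apply Lemma 3, from which we get

$\Pr\left[ c^*_{\mathcal{X}} - \mu > \delta \right] \le \exp\left( -\frac{2\delta^2 m_x (m_x + j)}{j + 1} \right).$

Using $\mu = \frac{m_x}{m_x + j}\, c^*_{\mathcal{X}} + \frac{j}{m_x + j}\, c^*_{\mathcal{J}}$ we finish the proof. □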



6. Secrecy of the protocol 

With the relevant results in hand, we are ready to prove our main result which follows roughly the same line of 
argument as Ref [10]. The main differences are the use of a more general smooth entropic uncertainty relation (Lemma 
4) to bound the error on the secrecy, and of the CHSH test to bound the effective overlap of the measurement operators 
and states used by the uncertainty relation (Lemma 5). Since the players can only sample the CHSH violation, we 
use Lemma 7 to bound the distance between this estimate and the expected effective overlap of the key set. The 
correctness of the protocol is evaluated in exactly the same way as in Ref [10], so we refer to that work for the
corresponding bounds and theorems. We only prove the secrecy of the protocol here. 

Contrary to most QKD protocols, the protocol adopts a tripartite model where Charlie is supposed to establish 
entanglement between Alice and Bob. Thus in our picture, we can view Charlie as an accomplice of the adversary 
and evaluate the secrecy on the overall state conditioned on the events whereby Charlie outputs a pass. 

We briefly recall the main parameters of the protocol, which are detailed in the protocol definition given in the 
main text. Conditioned on the successful operation of Charlie (the events whereby Charlie outputs a pass), Alice
and Bob generate systems until at least $m_x$ of them have been measured by both of them in the basis X, $m_z$ have
been measured in the basis Z, and $j$ have been chosen for both CHSH tests. The tolerated error rate and the CHSH
value are $Q_{\text{tol}}$ and $S_{\text{tol}}$ respectively. Furthermore, we assume that our information reconciliation scheme leaks at
most $\mathrm{leak}_{\mathrm{EC}} + \lceil \log(1/\varepsilon_{\mathrm{cor}}) \rceil$ bits of information, where an error correction scheme which leaks at most $\mathrm{leak}_{\mathrm{EC}}$ bits
of information is applied, then an error verification scheme which leaks $\lceil \log(1/\varepsilon_{\mathrm{cor}}) \rceil$ bits of information is applied.
If the error verification fails, they abort the protocol. Note that Alice and Bob should check who has the higher 
CHSH value, then the information reconciliation scheme is implemented from that party's point of view. In the 
following, we assume that Alice always has the higher CHSH value, i.e., Bob is supposed to reconstruct the key of Alice. 



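Theorem 1. The protocol is $\varepsilon_{\text{sec}}$-secret if for some $\varepsilon_Q, \varepsilon_{\mathrm{UCR}}, \varepsilon_{\mathrm{PA}}, \varepsilon_{c^*}, \varepsilon_{\mathrm{CHSH}} > 0$ such that $2\varepsilon_Q + \varepsilon_{\mathrm{UCR}} + \varepsilon_{\mathrm{PA}} + \varepsilon_{c^*} +
\varepsilon_{\mathrm{CHSH}} \le \varepsilon_{\text{sec}}$, the final secret key length $\ell$ satisfies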

<m x ( 1 - log [ 1 + - ^oi + COrc) J -HQtoi)) - leak EC - log ^- - log , (S14) 



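where $\hat{S}_{\text{tol}} := S_{\text{tol}} - \xi(\varepsilon_{\mathrm{CHSH}})$ and $\hat{Q}_{\text{tol}} := Q_{\text{tol}} + \mu(\varepsilon_Q)$ with the statistical fluctuations given by

$\xi(\varepsilon_{\mathrm{CHSH}}) := \sqrt{\frac{32}{j}\ln\frac{1}{\varepsilon_{\mathrm{CHSH}}}}$, $\quad \zeta(\varepsilon_{c^*}) := \sqrt{\frac{2(m_x + j)(j + 1)}{m_x j^2}\ln\frac{1}{\varepsilon_{c^*}}}$, $\quad$ and $\quad \mu(\varepsilon_Q) := \sqrt{\frac{(m_x + m_z)(m_z + 1)}{m_x m_z^2}\ln\frac{1}{\varepsilon_Q}}$.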

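Proof. If one of the tests $Q_{\text{test}} \le Q_{\text{tol}}$ and $S_{\text{test}} \ge S_{\text{tol}}$ fails, then the protocol aborts, and the secrecy error is trivially
zero. Conditioned on passing these tests, let $X$ be the raw key of length $m_x$ that Alice gets from the set $\mathcal{X}$, and let $E$
denote the adversary's information obtained by eavesdropping on the quantum channel. After listening to the error
correction and hash value, Eve has a new system $E'$. Using $\mathrm{leak}_{\mathrm{EC}} + \lceil \log(1/\varepsilon_{\mathrm{cor}}) \rceil \le \mathrm{leak}_{\mathrm{EC}} + \log(2/\varepsilon_{\mathrm{cor}})$ (the number
of bits used for error correction and error verification) and using chain rules for smooth entropies [13] we can bound the
min-entropy of the raw key $X$ given $E'$

$H_{\min}^{2\varepsilon + \varepsilon_{\mathrm{UCR}}}(X|E') \ge H_{\min}^{2\varepsilon + \varepsilon_{\mathrm{UCR}}}(X|E) - \mathrm{leak}_{\mathrm{EC}} - \log\frac{2}{\varepsilon_{\mathrm{cor}}}.$

From the entropic uncertainty relation (Lemma 4), we further get

$H_{\min}^{2\varepsilon + \varepsilon_{\mathrm{UCR}}}(X|E) \ge \log\frac{1}{c^*} - H_{\max}^{\varepsilon}(Z|B) - \log\frac{2}{\varepsilon_{\mathrm{UCR}}^2},$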
where $Z$ can be seen as the outcome Alice would have gotten if she had measured the same systems in the corresponding
basis Z, and $B$ is Bob's system in this case (before measurement).

The max-entropy of the alternative measurement is then bounded by the error rate sampled on the $m_z$ systems
$\mathcal{Z}$ [10]:

$H_{\max}^{\varepsilon}(Z|B) \le m_x\, h(Q_{\text{tol}} + \mu(\varepsilon_Q)),$

where $h(x) := -x\log_2 x - (1 - x)\log_2(1 - x)$ is the binary entropy function, $\varepsilon = \varepsilon_Q/\sqrt{p_{\text{pass}}}$ and $p_{\text{pass}} := \Pr[Q_{\text{test}} \le
Q_{\text{tol}} \wedge S_{\text{test}} \ge S_{\text{tol}}]$ is the probability of the event "pass", namely that this round of QKD passes the statistical tests.

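Next, we bound $c^*$ in terms of the measured CHSH value $S_{\text{test}}$. We first use the arithmetic-geometric means
inequality, from which we get

$c^* \le \prod_{i\in\mathcal{X}} c^{*,i} \le \left( \frac{1}{m_x}\sum_{i\in\mathcal{X}} c^{*,i} \right)^{m_x} = \left( c^*_{\mathcal{X}} \right)^{m_x}.$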

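Since the adversary cannot distinguish between systems with small and large $c^{*,i}$, $c^*_{\mathcal{J}}$ can be seen as a random sample
from $c^*_{\mathcal{J}\cup\mathcal{X}}$, where $\mathcal{J}$ is the set of systems used for the CHSH test. From Lemma 7 we get $\Pr[c^*_{\mathcal{X}} - c^*_{\mathcal{J}} > \zeta(\varepsilon_{c^*})/2] \le
\varepsilon_{c^*}$, hence

$\varepsilon' := \Pr\left[ c^*_{\mathcal{X}} - c^*_{\mathcal{J}} > \frac{\zeta(\varepsilon_{c^*})}{2} \,\Big|\, \text{pass} \right] \le \frac{\varepsilon_{c^*}}{p_{\text{pass}}}.$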



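Lemma 5 can now be used together with Jensen's inequality, so with probability at least $1 - \varepsilon'$,

$c^*_{\mathcal{X}} \le \frac{1}{2}\left( 1 + \frac{S_{\mathcal{J}}}{4}\sqrt{8 - S_{\mathcal{J}}^2} + \zeta(\varepsilon_{c^*}) \right).$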



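We still need to take into account that we only have an approximation for the CHSH value of the systems in $\mathcal{J}$. From
Lemma 6 we get that

$\Pr\left[ S_{\mathcal{J}} < S_{\text{test}} - \xi(\varepsilon_{\mathrm{CHSH}}) \,\Big|\, \text{pass} \right] \le \frac{\varepsilon_{\mathrm{CHSH}}}{p_{\text{pass}}}.$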



Finally, the bound on the error of privacy amplification by universal hashing [32, 47, 48] says that the error is less
than $2\varepsilon + \varepsilon_{\mathrm{UCR}} + \varepsilon_{\mathrm{PA}}$ as long as



^<^+ £uCR (^|i?')-21og- 



£pa 



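Putting all the above equations together we get (S14), with a total error conditioned on passing the tests $Q_{\text{test}} \le Q_{\text{tol}}$
and $S_{\text{test}} \ge S_{\text{tol}}$ of at most $2\varepsilon + \varepsilon_{\mathrm{UCR}} + \varepsilon_{\mathrm{PA}} + \varepsilon' + \varepsilon''$. If we remove this conditioning, the error is then

$p_{\text{pass}}\,(2\varepsilon + \varepsilon_{\mathrm{UCR}} + \varepsilon_{\mathrm{PA}} + \varepsilon' + \varepsilon'') \le 2\varepsilon_Q + \varepsilon_{\mathrm{UCR}} + \varepsilon_{\mathrm{PA}} + \varepsilon_{c^*} + \varepsilon_{\mathrm{CHSH}}.$

□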



7. A method to remove assumption A6 



In our security proof, we require that the adversary cannot distinguish between rounds with small and large effective 
overlap $c^{*,i}$. Here, we sketch an approach to remove assumption A6 and show that the secret key rate of the protocol
in the most perilous scenario is generally dependent on the channel loss; only in the limiting scenario — where the 
observed CHSH value is maximal — it is independent of the channel loss. 

To show the above, we only need to modify Lemma 7. First, let c* x , := YlieX' c *' 1 where the set $\mathcal{X}'$ denotes the
systems whereby Alice and Bob measure in the X basis. Clearly, we have $\mathcal{X} \subseteq \mathcal{X}'$ with equality only if Charlie's
operation has unit efficiency, i.e., $\eta_{\mathrm{eff}} = 1$. Next, we consider $\{c^{*,i}\}_{i\in\mathcal{X}'}$ in decreasing order, that is, $c^{*,1} \ge c^{*,2} \ge
\cdots \ge c^{*,|\mathcal{X}'|}$. Then the average overlap of $\mathcal{X}'$ is decomposed as

* m x \ - c ' x - c m x I , 1 \ 1 

C *' = ^7|Z. — + ^-^l C ^"2i + 2 

1 1 i=l x j=m x +l 7 
where we assume that the adversary selects the systems for $\mathcal{X}$ and the inequality is given by using $c^{*,i} \ge 1/2$. As
such, the average overlap of $\mathcal{X}$ satisfies



c 



x 



<l + ^- B {^-\) where r, eS := ^ (S15) 



Note that in practical scenarios, $\eta_{\mathrm{eff}}$ can be identified with the efficiency of the Bell state measurement and the
channel loss. Finally, since $c^*_{\mathcal{X}'}$ can be estimated from $c^*_{\mathcal{J}}$ via Lemma 7, the security proof follows from the previous
sub-section. In the asymptotic limit, using (S15) and Lemma 5, it is easy to verify that our protocol is secure as long
as the condition $4\eta_{\mathrm{eff}} > S_{\text{test}}\sqrt{8 - S_{\text{test}}^2}$ holds. Accordingly, the distance between Alice and Bob is limited by the
strength of the CHSH violation.
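
The quantities entering Theorem 1 (the Lemma 5 overlap bound and the fluctuation terms $\xi$, $\zeta$, $\mu$) and the asymptotic condition above can be evaluated numerically. The following Python is an added example, not code from the paper; the function names, the sample parameters and the choice to return the trivial bound $c^* \le 1$ when $S \le 2$ are assumptions made here.

```python
import math

TSIRELSON = 2.0 * math.sqrt(2.0)

def overlap_bound(s):
    """Lemma 5 bound on the effective overlap c* for a CHSH value s."""
    if s > TSIRELSON + 1e-12:
        raise ValueError("CHSH value exceeds 2*sqrt(2)")
    if s <= 2.0:
        return 1.0  # assumption: without a violation only c* <= 1 is used
    return 0.5 + (s / 8.0) * math.sqrt(max(0.0, 8.0 - s * s))

def fluctuations(m_x, m_z, j, eps_chsh, eps_cstar, eps_q):
    """Statistical deviations xi, zeta, mu as defined under Theorem 1."""
    xi = math.sqrt(32.0 / j * math.log(1.0 / eps_chsh))
    zeta = math.sqrt(2.0 * (m_x + j) * (j + 1) / (m_x * j ** 2)
                     * math.log(1.0 / eps_cstar))
    mu = math.sqrt((m_x + m_z) * (m_z + 1) / (m_x * m_z ** 2)
                   * math.log(1.0 / eps_q))
    return xi, zeta, mu

def entropy_per_signal(s_tol, xi, zeta):
    """-log2 of the bound on the average overlap of the key set,
    c_X <= (1 + (S/4) sqrt(8 - S^2) + zeta) / 2 with S = s_tol - xi."""
    c_x = min(1.0, overlap_bound(s_tol - xi) + zeta / 2.0)
    return -math.log2(c_x)

def min_chsh_for_efficiency(eta_eff):
    """CHSH value solving 4*eta_eff = S*sqrt(8 - S^2) on [2, 2*sqrt(2)];
    any larger S satisfies the asymptotic security condition."""
    if not 0.0 <= eta_eff <= 1.0:
        raise ValueError("efficiency must lie in [0, 1]")
    return 2.0 * math.sqrt(1.0 + math.sqrt(1.0 - eta_eff ** 2))

if __name__ == "__main__":
    # Constructed parameters for illustration, not values from the paper.
    xi, zeta, mu = fluctuations(m_x=10**8, m_z=10**8, j=10**8,
                                eps_chsh=1e-10, eps_cstar=1e-10, eps_q=1e-10)
    for s_tol in (2.2, 2.5, 2.8):
        print(s_tol, round(entropy_per_signal(s_tol, xi, zeta), 4))
    for eta in (1.0, 0.5, 0.1):
        print(eta, round(min_chsh_for_efficiency(eta), 4))
```

With unit efficiency any violation $S > 2$ suffices, while at $\eta_{\mathrm{eff}} = 0.5$ the required CHSH value is already $1 + \sqrt{3} \approx 2.73$.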